
Tech Jambu: One stop shop for DC Virtualization Page 1 of 5


TECH JAMBU
DISCLAIMER: ALL POSTINGS ARE PROVIDED "AS IS" WITH NO WARRANTIES, AND CONFER NO
RIGHTS. ALSO THE POSTINGS ON THIS WEBLOG ARE SOLELY MY OPINIONS AND DO NOT
REPRESENT THE THOUGHTS, INTENTIONS, PLANS OR STRATEGIES OF ANYONE ELSE,
INCLUDING MY EMPLOYER

FRIDAY, FEBRUARY 13, 2009

One stop shop for DC Virtualization

Nowadays everybody is chasing virtualization, and indeed there
are a lot of advantages to virtualizing.

My aim in writing this post is to make a one stop shop for DC
Virtualization.

Sizing a Virtual DC

Monitor the current performance of your candidate DC for a month
or so. Collect the average and maximum processor, disk, memory
and network utilization. You can use the existing monitoring tools
in your environment, Perfmon.exe or Performance Advisor. This
will give you a better idea of what the VDC (Virtual DC)
configuration should look like.

The items listed below should give you a better idea of the current
DC performance:

Available memory:
Total memory:
Pages/sec:
Pool non-paged:
Pool paged:
Overall CPU:
LSASS.EXE CPU:
LSASS.EXE memory:
avg disk read/sec: on NTDS drive
avg disk write/sec: on NTDS drive

Size the memory so that the entire AD database can be cached; this will
improve performance significantly. You can check the current
database size by checking the size of the %systemroot%\NTDS\ntds.dit file.

http://techjambu.blogspot.com/2009/02/one-stop-shop-for-dc-virtualization.html 8/26/2010
Selecting OS

Selecting the OS version is important because, as I mentioned above,
you want to cache the entire AD database in memory. To take full
advantage of caching you might need to use a 64-bit version of
Windows, because a 32-bit OS has a memory addressing
limitation.
As a rule of thumb, if your ntds.dit file is smaller than 2GB and
not expected to grow much, you can go for a 32-bit OS; otherwise go
for 64-bit. Refer to Active Directory Performance for 64-bit Versions of
Windows Server 2003. (Note that it is NOT recommended to use the /3GB
switch on a DC.)

One more reason to use a 64-bit OS: if your environment contains
Exchange, you can double the efficiency. Instead of a 1:4 ratio, you
can have a 1:8 ratio between Global Catalog processor cores and
Exchange server cores. (It is important to note that this is not a 1:4
ratio of servers or even processors, but of processor cores: a dual
core processor counts as 2 when doing the ratio calculations.)
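
The baseline from "Sizing a Virtual DC" and the 2GB rule of thumb above, as an added PowerShell example (not code from the original post). It assumes PowerShell 3.0 or later on an English-locale DC, maps the post's "avg disk read/sec" and "avg disk write/sec" to the Disk Reads/sec and Disk Writes/sec counters, and uses an illustrative five-minute sampling window rather than the month the post recommends.

```powershell
# Added example: short baseline of a candidate DC plus the ntds.dit size check.
# Assumptions: run elevated on the DC itself; English counter names; PowerShell 3.0+.
$IntervalSec = 15     # illustrative sampling interval
$SampleCount = 20     # illustrative sample count (5 minutes in total)

# Read the real database path from the registry rather than assuming %systemroot%\NTDS.
$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ditPath = (Get-ItemProperty -Path $ntdsKey).'DSA Database file'
$ditGB   = (Get-Item -LiteralPath $ditPath).Length / 1GB
$drive   = Split-Path -Path $ditPath -Qualifier      # NTDS drive, for example "D:"

$counters = @(
    '\Memory\Available MBytes'
    '\Memory\Pages/sec'
    '\Memory\Pool Nonpaged Bytes'
    '\Memory\Pool Paged Bytes'
    '\Processor(_Total)\% Processor Time'
    '\Process(lsass)\% Processor Time'
    '\Process(lsass)\Working Set'
    "\LogicalDisk($drive)\Disk Reads/sec"
    "\LogicalDisk($drive)\Disk Writes/sec"
)

# Collect the samples, then reduce each counter to its average and maximum.
$samples = Get-Counter -Counter $counters -SampleInterval $IntervalSec -MaxSamples $SampleCount
$samples.CounterSamples |
    Group-Object -Property Path |
    ForEach-Object {
        $stats = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
        [pscustomobject]@{
            Counter = $_.Name
            Average = [math]::Round($stats.Average, 2)
            Maximum = [math]::Round($stats.Maximum, 2)
        }
    } | Format-Table -AutoSize

# Compare database size with installed memory and apply the 2GB rule of thumb.
$totalGB = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory / 1GB
[pscustomobject]@{
    NtdsDitPath   = $ditPath
    NtdsDitGB     = [math]::Round($ditGB, 2)
    TotalMemoryGB = [math]::Round($totalGB, 2)
    FitsInMemory  = $ditGB -lt $totalGB   # crude check: ignores OS and LSASS overhead
    RuleOfThumbOS = if ($ditGB -lt 2) { '32-bit possible if little growth expected' } else { '64-bit' }
}
```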

Time Configuration

This is one of the most crucial parts of virtualizing a DC. Correct time
configuration is essential for AD to function correctly; AD
authentication (Kerberos) depends heavily on it. Use
only one of the options below for time configuration on a DC;
NEVER mix them.

1. Windows Time Service - If your environment is already using the
Windows Time service, use this. To sync the DC time with the domain
hierarchy, use the
command “w32tm /config /syncfromflags:DOMHIER /update”. You
can verify this with the
command “w32tm /dumpreg /subkey:parameters”; the output
should be similar to this:

Value Name      Value Type      Value Data
------------------------------------------------------------------
ServiceMain     REG_SZ          SvchostEntry_W32Time
ServiceDll      REG_EXPAND_S    C:\WINDOWS\system32\w32time.dll
Type            REG_SZ          NT5DS


Refer to KB884776 for how to configure the Windows Time
Service against a large time offset.

2. You can use VMware Tools time synchronization within the
virtual machine.

3. You can also use the "Descheduled Time Accounting" feature, which
you can install by performing a custom installation of VMware Tools
inside the guest OS.
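
One way to check the "never mix" rule for options 1 and 2, as an added PowerShell example (not code from the original post). It assumes VMware Tools is installed at its default path and that the script runs inside the guest; option 3 is not checked.

```powershell
# Added example: report which time sources are active on a virtual DC and flag a mix.
# Assumptions: VMware Tools at its default install path; run inside the guest, elevated.
$toolbox = 'C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe'

# Option 1: Windows Time service. Type NT5DS means "sync from the domain hierarchy";
# AllSync also includes the domain hierarchy as a source.
$w32Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
$w32Type = (Get-ItemProperty -Path $w32Key).Type
$w32Svc  = Get-Service -Name W32Time
$domainSync = ($w32Svc.Status -eq 'Running') -and (@('NT5DS', 'AllSync') -contains $w32Type)

# Option 2: VMware Tools periodic time sync. The tool prints "Enabled" or "Disabled".
$toolsSync = 'VMware Tools not found'
if (Test-Path -LiteralPath $toolbox) {
    $toolsSync = (& $toolbox timesync status | Out-String).Trim()
}

# Both mechanisms active at once is the configuration the post warns against.
$mixed = $domainSync -and ($toolsSync -eq 'Enabled')
[pscustomobject]@{
    W32TimeService  = $w32Svc.Status
    W32TimeType     = $w32Type
    VMwareToolsSync = $toolsSync
    MixedSources    = $mixed
}

if ($mixed) {
    Write-Warning 'Both domain hierarchy sync and VMware Tools time sync are active. Pick one.'
}
```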

Security

You should really think about security in a virtualized DC. Make
sure that the VHD (Virtual Hard Disk) files are secured and only
accessible to the people who need access.
Refer to the Hyper-V Security Guide (you need an MS Live ID) for
Hyper-V environments.
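
A way to audit who can reach the virtual disk files on a Hyper-V host, as an added PowerShell example (not code from the original post or from the Hyper-V Security Guide). The storage path and the allow-list are hypothetical placeholders, and the example also covers .vhdx files, which the post does not mention.

```powershell
# Added example: list principals with access to virtual disk files outside an allow-list.
# Assumptions: $Store and $Allowed are placeholders; adjust both to your environment.
$Store   = 'D:\Hyper-V\Virtual Hard Disks'          # hypothetical VHD location
$Allowed = @(
    'NT AUTHORITY\SYSTEM'
    'BUILTIN\Administrators'
    'CONTOSO\Hyper-V Admins'                        # hypothetical admin group
)

$findings = Get-ChildItem -Path $Store -Recurse -File -Include *.vhd, *.vhdx |
    ForEach-Object {
        $file = $_
        (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object {
                $id = $_.IdentityReference.Value
                $_.AccessControlType -eq 'Allow' -and
                $Allowed -notcontains $id -and
                $id -notlike 'NT VIRTUAL MACHINE\*'   # per-VM service identities on Hyper-V
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File      = $file.FullName
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited
                }
            }
    }

if ($findings) {
    $findings | Sort-Object File, Identity | Format-Table -AutoSize
} else {
    'No access entries outside the allow-list.'
}
```

Entries marked Inherited come from the parent folder, so the fix for those belongs on the folder ACL rather than on each file.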

Backup & Restore

All Active Directory restorations should be performed using
authoritative and non-authoritative methods. Never use a
snapshot mechanism for AD backup, whether on a VDC or
on a physical DC. Do not recover an Active Directory database
from a backup copy of an old virtual disk. Remember that Microsoft
does not support snapshots of DCs; refer to KB888794.
Improper restoration of a virtual DC will cause USN rollback; refer to
KB875495 for more details. Also avoid Undo/Redo or
Suspend/Pause of VDCs.

Support Policy

Note the Microsoft support policy for a VDC. If you don't have
Premier support with MS, note the lines below:
"As part of the investigation, Microsoft may require the issue to be
reproduced by the customer independently from the non-Microsoft
hardware virtualization software. This may be done on Windows
Server 2008 (with Hyper-V), the actual hardware platform with the
Windows operating system installed directly upon it, or on both."

Refer to the support policy for Microsoft software running in non-MS
hardware virtualization software (KB897615) and the list of Microsoft
server software and supported virtualization environments
(KB957006) for more details.

P2V Migration

Always build a new VM and follow the normal DC installation
process; this is the safest way.
You can use cloning, but this is useful when moving a virtual DC
from an older host to a new host. When cloning, the VDC should be in a
powered-off state, otherwise USN rollback can happen.
Remember: DON'T do physical-to-virtual DC conversions. This will
corrupt the AD database and give you a hard time fixing it.

Additional Information

Running Windows Active Directory in Virtual Infrastructure - This is
a nice PPT, easy to copy and paste if you want to give a quick
presentation ;)

Microsoft Assessment and Planning Toolkit - The Microsoft
Assessment and Planning Toolkit (MAP) performs a detailed analysis
of hardware and device compatibility for migration to Windows
Server 2008, Microsoft Office 2007, Microsoft Application
Virtualization, and Windows Vista. The hardware assessment looks
at the installed hardware and determines if migration is
recommended. This can also be used for server virtualization in
Hyper-V; refer to Server Virtualization Assessment using Microsoft
Assessment and Planning 3.1 Toolkit for more details.

Infrastructure Planning and Design Guide for Windows Server
Virtualization - Hyper-V

Considerations when hosting Active Directory DC in virtual hosting
environments - KB888794

Virtualizing a Windows Active Directory Domain Infrastructure -
VMWorld 2006 Presentation

Virtualization of Active Directory - VMware Community


Hope you got enough information for virtualizing a DC :)

POSTED BY JAMBUGAN AT 11:20 PM
LABELS: VIRTUALIZATION
